package com.zhang.security.controller;

import com.zhang.security.pojo.Users;
import org.springframework.security.access.annotation.Secured;
import org.springframework.security.access.prepost.PostAuthorize;
import org.springframework.security.access.prepost.PostFilter;
import org.springframework.security.access.prepost.PreAuthorize;
import org.springframework.web.bind.annotation.GetMapping;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.ResponseBody;
import org.springframework.web.bind.annotation.RestController;

import java.util.ArrayList;
import java.util.List;

@RestController
@RequestMapping("/test")
public class TestController {


    @GetMapping("hello")
    public String hello() {
        return "hello Security";
    }

    @GetMapping("index")
    public String index() {
        return "hello index";
    }

    //演示注解
    //@Secured({"ROLE_sale","ROLE_manager"})
    //@PreAuthorize("hasAuthority('admins111') ")
    @PostAuthorize("hasAuthority('admins111')")
    @GetMapping("update")
    public String upgate() {
        return "hello update";
    }


    @RequestMapping("getAll")
    @PreAuthorize("hasAnyAuthority('admins')")
    @PostFilter("filterObject.username == 'admin1'")
    @ResponseBody
    public List<Users> getAllUser() {
        ArrayList<Users> list = new ArrayList<>();
        list.add(new Users(1, "admin1", "6666"));
        list.add(new Users(2, "admin2", "888"));
        System.out.println(list);
        return list;
    }
}
